DoDD 5205.02E, 'DoD Operations Security (OPSEC) Program' June 20, 2020 ...

Department of Defense

DIRECTIVE

NUMBER 5205.02E June 20, 2012

Incorporating Change 2, August 20, 2020

USD(I&S)

SUBJECT: DoD Operations Security (OPSEC) Program

References: See Enclosure 1

1. PURPOSE. This Directive:

a. Reissues DoD Directive (DoDD) 5205.02 (Reference (a)) to update established policy and assigned responsibilities governing the DoD OPSEC program, and incorporate the requirements of National Security Decision Directive Number 298 (Reference (b)) that apply to the DoD.

b. Pursuant to Reference (b), establishes the Director, National Security Agency (DIRNSA) as the Federal Executive Agent (EA) for interagency OPSEC training and assigns responsibility for maintaining an Interagency OPSEC Support Staff (IOSS).

2. APPLICABILITY. This Directive applies to the OSD, the Military Departments, the Office of the Chairman of the Joint Chiefs of Staff (CJCS) and the Joint Staff, the Combatant Commands, the Office of the Inspector General of the Department of Defense, the Defense Agencies, the DoD Field Activities, and all other organizational entities within the DoD (hereinafter referred to collectively as the "DoD Components").

3. DEFINITIONS. See Glossary.

4. POLICY. It is DoD policy that all DoD missions, functions, programs, and activities shall be protected by an OPSEC program that implements DoD Manual 5205.02 (Reference (c)).

a. OPSEC shall be considered across the entire spectrum of DoD missions, functions, programs, and activities. The level of OPSEC to apply is dependent on the threat, vulnerability, and risk to the assigned mission, function, program, or activity, and available resources.

DoDD 5205.02E, June 20, 2012

b. OPSEC and other security and information operations programs shall be closely coordinated to account for force protection and the security of information and activities.

c. DoD personnel shall maintain essential secrecy of information that is useful to adversaries and potential adversaries to plan, prepare, and conduct military and other operations against the United States and shall safeguard such information from unauthorized access and disclosure in accordance with DoD Manual 5200.01 (Reference (d)).

d. The OPSEC process shall be used to identify and mitigate indicators of U.S. intentions, capabilities, operations, and activities.

e. OPSEC countermeasures shall be employed to deny to adversaries and potential adversaries indicators that reveal critical information about DoD missions and functions.

5. RESPONSIBILITIES. See Enclosure 2.

6. INFORMATION COLLECTION REQUIREMENTS. The reporting requirements in this Directive have been assigned Report Control Symbol DD-INTEL(A)2228 in accordance with Volume 1 of DoD Manual 8910.01 (Reference (e)).

7. RELEASABILITY. Cleared for public release. This directive is available on the Directives Division Website at .

8. SUMMARY OF CHANGE 1. This administrative change corrects paragraph numbering and updates the title of the Under Secretary of Defense for Intelligence to the Under Secretary of Defense for Intelligence and Security (USD(I&S)) in accordance with Public Law 116-92 (Reference (f)).

9. EFFECTIVE DATE. This Directive is effective June 20, 2012.

Enclosures 1. References 2. Responsibilities

Glossary

Change 2, 08/20/2020

Ashton B. Carter Deputy Secretary of Defense

2

ENCLOSURE 1 REFERENCES

DoDD 5205.02E, June 20, 2012

(a) DoD Directive 5205.02, "DoD Operations Security (OPSEC) Program," March 6, 2006 (hereby cancelled)

(b) National Security Decision Directive Number 298, "National Operations Security Program," January 22, 1988

(c) DoD 5205.02-M, "DoD Operations Security (OPSEC) Program Manual," November 3, 2008, as amended

(d) DoD Manual 5200.01, "DoD Information Security Program," dates vary by volume (e) DoD Manual 8910.01, Volume 1, "DoD Information Collections Manual: Procedures for

DoD Internal Information Collections," June 30, 2014, as amended (f) Public Law 116-92, "National Defense Authorization Act for Fiscal Year 2020,"

December 20, 2019 (g) Deputy Secretary of Defense Memorandum, "Reserve Component Joint Web Risk

Assessment Cell," February 12, 1999 (h) DoD 5220.22-M, "National Industrial Security Program Operating Manual (NISPOM),"

February 28, 2006, as amended (i) Secretary of Defense Memorandum, "Strategic Communication and Information

Operations in the DoD," January 25, 2011 (j) DoD Instruction 5200.39, "Critical Program Information (CPI) Identification and

Protection Within Research, Development, Test, and Evaluation (RDT&E)," May 28, 2015, as amended (k) Office of the Chairman of the Joint Chiefs of Staff, "DoD Dictionary of Military and Associated Terms," current edition (l) Chairman of the Joint Chiefs of Staff Instruction 3213.01C, "Joint Operations Security," July 17, 2008

Change 2, 08/20/2020

3 ENCLOSURE 1

DoDD 5205.02E, June 20, 2012

ENCLOSURE 2

RESPONSIBILITIES

1. UNDER SECRETARY OF DEFENSE FOR INTELLIGENCE AND SECURITY (USD(I&S)). The USD(I&S), in addition to the responsibilities in section 11 of this enclosure, shall:

a. Establish and oversee the implementation of policies and procedures for the conduct of DoD OPSEC.

b. Report annually to the Secretary of Defense on the status of the DoD OPSEC Program.

c. Coordinate and synchronize OPSEC matters and policies affecting more than one DoD Component and other Federal agencies.

d. Develop guidance for conducting OPSEC assessments and surveys.

e. In coordination with the Under Secretary of Defense for Acquisition, Technology, and Logistics (USD(AT&L)), develop standards and procedures for the evaluation and protection, when necessary, of unclassified and classified contract efforts.

f. Assign DoD representatives to the IOSS.

g. In coordination with the Under Secretary of Defense for Policy (USD(P)), the Under Secretary of Defense for Personnel and Readiness (USD(P&R)), and the CJCS, oversee the establishment and maintenance of a professionally trained and educated OPSEC workforce as part of information operations (IO) force development.

h. In accordance with Deputy Secretary of Defense Memorandum (Reference (g)), develop procedures and guidelines to be implemented by the DoD Components for OPSEC reviews of DoD information shared via Internet-based capabilities.

i. Establish a training consortium comprised of subject matter experts from the OPSEC community to identify training requirements; review and update OPSEC curriculum; and recommend solutions to recognized training issues.

2. DIRNSA. The DIRNSA, under the authority, direction, and control of the USD(I&S), in addition to the tasks in Reference (b) and responsibilities in section 11 of this enclosure shall act as the Federal Executive Agent for interagency OPSEC training, maintain an IOSS to assist executive departments and agencies, as needed, in establishing OPSEC programs, conducting OPSEC surveys, providing OPSEC services, and developing and providing interagency OPSEC training and awareness courses and products.

Change 2, 08/20/2020

4 ENCLOSURE 2

DoDD 5205.02E, June 20, 2012

3. DIRECTOR, DEFENSE INTELLIGENCE AGENCY (DIA). The Director, DIA, under the authority, direction, and control of the USD(I&S), in addition to the responsibilities in section 11 of this enclosure, shall provide intelligence and counterintelligence threat analysis to support OPSEC planning to all DoD Components.

4. DIRECTOR, DEFENSE SECURITY SERVICE (DSS). The Director, DSS, under the authority, direction, and control of the USD(I&S), in addition to the responsibilities in section 11 of this enclosure, shall:

a. Verify compliance with OPSEC requirements incorporated in classified contracts during scheduled security reviews performed under the National Industrial Security Program (NISP) in accordance with DoD 5220.22-M (Reference (h)). If required, prescribe OPSEC countermeasures against specific threats for the protection of critical and sensitive information. On U.S. Government controlled installations, such inspections shall be performed only when the contractor location is a separately cleared facility under the NISP and the installation commander requests the security inspection.

b. In coordination with DoD Components, as necessary, conduct inspections when required. When requested, coordinate with and assist user agencies in OPSEC surveys of contractors performing classified contracts and participating in the NISP.

5. USD(P). The USD(P), in addition to the responsibilities in section 11 of this enclosure, shall:

a. As the Principal Staff Assistant for IO, serve as the principal policy development, oversight, and coordinating authority for the integration of OPSEC as a warfighting enabler, in accordance with Secretary of Defense Memorandum (Reference (i)).

b. Review Combatant Commander operations and plans for OPSEC integration.

c. In coordination with the USD(I&S), USD(P&R), and CJCS, oversee the establishment and maintenance of a professionally trained and educated OPSEC workforce as part of IO force development.

6. USD(AT&L). The USD(AT&L), in addition to the responsibilities in section 11 of this enclosure, shall:

a. Ensure an OPSEC plan is included as a countermeasure in program protection plans for research, development, and acquisition programs when critical program information has been identified by the program manager in accordance with DoD Instruction 5200.39 (Reference (j)).

b. In coordination with the USD(I&S), develop standards and procedures for the evaluation and protection, when necessary, of unclassified and classified contract efforts.

Change 2, 08/20/2020

5 ENCLOSURE 2

DoDD 5205.02E, June 20, 2012

7. USD(P&R). The USD(P&R), in addition to the responsibilities in section 11 of this enclosure, shall, in coordination with the USD(I&S), USD(P), and CJCS, oversee the establishment and maintenance of a professionally trained and educated OPSEC force as part of IO force development.

8. ASSISTANT TO THE SECRETARY OF DEFENSE FOR PUBLIC AFFAIRS (ATSD(PA)). The ATSD(PA), in addition to the responsibilities in section 11 of this enclosure, shall:

a. Develop policy and guidance to ensure OPSEC is incorporated into the public affairs release of information process.

b. Coordinate with the USD(I&S) and DIRNSA/CHCSS to ensure specialized OPSEC training is included in the curriculum for public affairs specialists and officers at the beginner and advanced levels of training at the Defense Information School.

9. DoD CHIEF INFORMATION OFFICER (DoD CIO). The DoD CIO, in addition to the responsibilities in section 11 of this enclosure, shall address OPSEC and classification through compilation of data when developing policies and initiatives regarding information sharing capabilities that are accessible across the enterprise and shall also develop procedures to mitigate risks.

10. DIRECTOR, DEFENSE INFORMATION SYSTEMS AGENCY (DISA). In accordance with Reference (g), the Director, DISA, under the authority, direction, and control of the DoD CIO and in addition to the responsibilities in section 11 of this enclosure, shall conduct ongoing OPSEC assessments of Combatant Command, OSD, Defense Agency, and DoD Field Activity websites.

11. HEADS OF THE DoD AND OSD COMPONENTS. The Heads of the DoD and OSD Components shall establish OPSEC programs with full-time OPSEC program managers and coordinators at appropriate command levels to promote an understanding and practice of OPSEC among all personnel. The Heads of the DoD and OSD Components shall direct that:

a. OPSEC responsibilities are assigned by commanders and directors to the functional area of their choice.

b. Guidance is established for identifying and updating critical information as missions change.

c. A process is in place to report to appropriate channels within the Component disclosures of critical information so that mitigating actions can be implemented.

Change 2, 08/20/2020

6 ENCLOSURE 2

DoDD 5205.02E, June 20, 2012

d. Dedicated manpower, funding, and resources are available to implement the OPSEC program. DoD Components will account and plan for resources in accordance with the Planning, Programming, Budgeting, and Execution System.

e. Annual OPSEC assessments are conducted. An OPSEC assessment may include program reviews, Inspector General inspections, or higher headquarters assessments that specifically address OPSEC.

f. An annual review and validation of Component OPSEC programs is submitted to the USD(I&S).

g. Threat-based comprehensive OPSEC surveys are conducted, at a minimum, every 3 years. Available automated risk analysis tools that facilitate the OPSEC process should be leveraged to aid in the identification of vulnerabilities and applicable countermeasures.

(1) Activities that warrant OPSEC surveys include but are not limited to research, development, test and evaluation; acquisitions; treaty verification; nonproliferation protocols; international agreements; force protection operations; special access programs; and activities that prepare, sustain, or employ Military Services over the range of military operations.

(2) DoD Components shall identify and prioritize OPSEC survey requirements and outline procedures for requesting OPSEC survey support from the appropriate organizations.

h. OPSEC support capabilities are utilized for program development and review, planning, training, surveys, assessments, and related support, as required.

i. OPSEC is coordinated and integrated with other U.S. Government agencies, allies, and coalition partner programs, operations, and activities as appropriate.

j. In accordance with Reference (c), policies and procedures are established for the review of unclassified information for OPSEC considerations and data aggregation prior to public release.

k. The risk of exposure to critical or classified information (alone or through compilation) is mitigated by providing OPSEC awareness training and guidance to the Component for those using DoD Internet services, other Internet-based capabilities, emerging technologies, or developing information sharing environments that are accessible across the enterprise.

l. OPSEC program managers, coordinators, IO professionals, public affairs personnel, contracting specialists, and personnel responsible for the review and approval of information intended for public release have received specialized OPSEC training for their duties in accordance with Reference (c). The general workforce shall receive OPSEC awareness training upon initial entry to duty (to include entry to accession programs such as basic training, commissioning sources, and internships) and annually thereafter.

m. Guidance is issued to ensure that DoD unclassified and classified contract requirements properly reflect OPSEC responsibilities and that those responsibilities are included in contracts

Change 2, 08/20/2020

7 ENCLOSURE 2

DoDD 5205.02E, June 20, 2012

when applicable. For classified contracts specifically, in accordance with paragraph 4.a. and 4.b. of this enclosure, and in coordination with the Director, DSS, ensure adequacy of industrial security efforts for OPSEC countermeasures outlined in classified contracts that fall under the NISP.

12. SECRETARIES OF THE MILITARY DEPARTMENTS. The Secretaries of the Military Departments, in addition to the responsibilities in section 11 of this enclosure, shall:

a. Establish an OPSEC capability that provides for program development, planning, training, assessments, surveys, and operational support as required.

b. Require deploying personnel to complete OPSEC training specific to the operating area.

c. Direct the establishment of OPSEC working groups at military installations to advise and support installation operations, threat, and force protection working groups.

d. In coordination with the Director, DISA, establish and maintain a capability to conduct ongoing OPSEC assessments of component websites.

13. CJCS. The CJCS, in addition to the responsibilities in section 11 of this enclosure, shall:

a. As the joint proponent for OPSEC, oversee contingency planning and operational integration of OPSEC across the Combatant Commands.

b. Evaluate and oversee joint OPSEC training to ensure Combatant Command requirements are met satisfactorily within the joint training system and meet the requirements of a professionally trained and educated OPSEC workforce as part of IO force development.

c. Establish and maintain a joint OPSEC support element to provide OPSEC training, program development and reviews, surveys, assessments, and plans and exercise support to the Combatant Commands.

d. Coordinate with the USD(I&S), USD(P), and USD(P&R) for the establishment and maintenance of a professionally trained and educated force as part of IO force development.

14. COMMANDERS OF THE COMBATANT COMMANDS. The Commanders of Combatant Commands, in addition to the responsibilities in section 11 of this enclosure, shall integrate OPSEC into all contingency planning and operations and notify the CJCS of OPSEC requirements.

15. COMMANDERS OF THE GEOGRAPHIC COMBATANT COMMANDS. The Commanders of the geographic Combatant Commands, in addition to the responsibilities in

Change 2, 08/20/2020

8 ENCLOSURE 2

................
................

In order to avoid copyright disputes, this page is only a partial summary.

Google Online Preview   Download